cors
Safeguard articles tagged "cors" — guides, analysis, and best practices for software supply chain and application security.
5 articles
The Security Implications of Misconfigured CORS in Node.js APIs
One line of Express middleware — reflecting Origin back with credentials: true — turns CORS from a browser protection into an authenticated data-exfiltration channel.
CORS Misconfiguration: How to Prevent It
A too-generous CORS policy can let a malicious site read authenticated responses from your API. Reflecting the Origin with credentials is the classic mistake.
CVE-2018-1199: Authorization bypass in Spring Security CO...
CVE-2018-1199 let CORS pre-flight requests slip past Spring Security's authorization checks. What it affected, its real severity, and how to remediate it.
CVE-2020-1045: Security feature bypass in ASP.NET Core
CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.
CORS Misconfiguration Exploitation: The Silent API Exposure
CORS misconfigurations are one of the most common web security issues. They silently expose your APIs to cross-origin data theft.